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The invention relates to a method of providing conditional access to a content 
item, which content item is protected by a particular security mechanism. 



5 The best thing about standards is that there are so many to choose from. In 

today's digital world, this is particularly true wh^ content distribution is involved. The term 
^'content" or ''content item'' is used here to denote digital objects containing music, songs, 
movies, TV programs, pictures and other types of binary data, but also textual data. It is to be 
noted that a content item may be made up of several different files. Many different formatting 

10 schemes (for example, MDP3 for music, or MPEG-2 for movies) have been developed to allow 
ejBficient distribution of content items. These typically try to reduce the size of content item to 
be distributed whilst retaining the original quality. 

At the same time many different security mechanisms have been developed to 
protect against unauthorized access and/or copying of content items. Such security 

1 S mechanisms often involve the acquisition of digital rights which are necessary by a playback 
device before it can play back a received content item. Such acquisition in turn often involves 
the making of a payment 

Additionally, once digital rights have been pxirchased, a user is often permitted 
to make a limited number of copies of the content item, and/or to transfer tiie content item to 

20 different devices within a single domain (see e.g. Exiropean patent application 01204668*6, 
attorney docket PHNL010880). The security mechanism that controls the malcing of said 
limited number of copies, or the transfer of content between devices is not necessarily the 
same security mechanism as was used to obtain the content item in the first place. In fact, 
there may be as many different security mechanisms involved as there are devices within the 

25 domain. The various security systems implementing those mechanisms tiien need to be 
compatible with each other. The number of security systems may even be more than the 
number of devices. 

It is clear that the high number of different security mechanisms involved in 
the transfer of content from a content distributor to a playback device can easily weaken the 
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entire system. If two different mechanisms are not completely compatible, the user may be 
able to view the content item on one particular playback device, but not on another. This 
could happen, for example, if the digital rights purchased by the user are transferred 
incorrectly from one device to another, or if one security mechanism between content 
5 distributor and playback device does not support a particular digital right purchased by the 
user, and so fails to pass along this digital right to the next link in the chain. These systems 
and conversions can be located both inside and outside the home. 

This problem only increases if different formatting schemes are used by 

different d6ViC(». If a conltfiil ilum is Uausleiied from a content diotribut e r in format A and — 

Hj — protect e d using securily mechaiiisi irXraDdroirthe-w^e^e-^^ 

transcoded to format B and tiaen to formats C and D, as well as transferred to security 
systems Y and Z, the chances that the user will be able to successfully play back the content 
item will be reduced substantially. Translating between formatting schemes and security 
mechanisms may negatively affect the quality of the content item. 
15 Further, the playback device on which the user wants to play back the content 

item might not even support the formatting scheme and/or security mechanism in which the 
content item is provided. Ordinarily, the user would find out about this only after purchasing 
the necessary rig^its and subsequentiy trying to initiate playback. The user has now paid for 
something which he ca3anot use, which is clearly undesirable. 

20 



It is an object of the invention to provide a method according to the preamble, 
which reduces the risk that a user purchases a content item which he is unable to play back. 

This object is achieved according to the invention in a method comprising 

25 providing unconditional access to a sample content item protected by the same particular 
security mechanism. The sample content item could, for instance, comprises a trailer or 
advertisement for the content item, or represent a part of the content item. By downloading 
and playing the thusly provided sample, the user can test the operation of his system. As it is 
protected by the same security mechanism as the **real" content item desired by the user, the 

30 sample will undergo the same type of conversions as the real content item on the way from 
content distributor to playback device. Any errors that might occur because of 
incompatibilities in the various security mechanisms involved will then show up during the 
playback of the sample. 
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When the sample content item has been successfully passed through the 
system and can be rendered (with sufficient quality as judged by the user), the user has some 
assxirance that the content he wants to buy can actually be rendered by his system. He can 
then initiate the necessary procedures, such as acquiring (often by purchasing) one or more 
5 digital rights, to obtain a specimen of the "real*' content item, for which conditional access is 
provided. Note that the user does not have to pay or otherwise seek permission to obtain the 
sample, as it is provided unconditionally. Thus, if it fails to render successfully, the user is 
not negatively affected financially. 

In an embodiment the protected content item is formatted using a particular 
10 formatting scheme, and the sample content item is formatted using the same formatting 
scheme. This way, the user can test not only whether the various security mechanisms 
involved are compatible and do not negatively affect the content item, but also whether the 
transcoding procedures between the various formatting schemes would affect the content 
item. 

15 In a further embodiment the access to the content item is conditional upon 

acquisition of one or more rights. The necessity to obtain digital rights can be exploited in 
various ways to even further reduce the risk that a user purchases a content item which he is 
unable to play back. 

For example, the acqui^tion of said one or more rights by a client is refused 

20 \mtil the sample content item has been accessed by said client This way, the user is forced to 
first test the operation of his client system, as a reasonable precaution. This should minimize 
the risk that the user purchases or otherwise acquires a digital right and subsequently finds 
himself unable to make proper use of it. 

Alternatively, the sample content item comprises an information element 

25 necessary for the acquisition of said one or more rights. This could be simply a code word 
that the user needs to supply to the digital rights management server during the acquisition 
process. Supplying the code word then serves as proof that the user was able to successfiiUy 
play back the sample. 

A similar approach would that the man-machine interface session with the user 

30 that allows the conditional access system to communicate with the user is protected using the 
same security mechanism as the content item. 

In a further embodiment the content item is protected by an encryption scheme 
using a particular key, and the sample content item is protected by the same encryption 
scheme using the same particular key. In this fashion no new key needs to be transfimred after 
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a successful test Such a key traasfer could fail, leading to the unwanted result that the user is 
unable to play back the real content item after a successful test 

In a further embodiment access to the content item and the sample content 
item is provided using a content resolution protocol wherein the content item and the sample 
content item have a common content resolution identifier. An example of such a content 
resolution identifier is the GRID as used by the TV-Anytime consortixrai. This makes it very 
easy for the user to locate both the real content item and the sample. 

It is a further object of the invention to provide a sample content item for use 
with the ni6th6d iubtdfdi&g tb the Mveinlon. In an embodimem, there i« provided a i^ample 



"to e^aat^xritem associated with a conten t it em pr o l ected by a pailicular security mechaiiAsm^ 

access to the content item being conditional upon acquisition of one or more rights, the 
sample content item being protected by the same particular secxirity mechanism, and 
comprising an information element necessary for the acquisition of said one or more rights. 

15 

These and other aspects of the invention will be apparent fi:om and elucidated 
with reference to the embodiments shown in the drawings, in which: 

Fig. 1 schemadcally shows a first embodiment of an arrangement according to 
the invention; and 

20 Fig. 2 schematically shows a second embodiment of the arrangement. 



Throughout the figures same reference mmierals indicate similar or 
corresponding features. Some of the features indicated in the drawings are typically 
25 implemented in software, and as such represent software entities such as software modules or 
objects. 

Fig. 1 schematically shows an arrangement 100 comprising a distribxrting 
server 101 and a receiving device 120 coimected via a network 110 such as the Internet or a 
cable television network. Using the network 1 10 the distributing server 101 can provide 
30 content items to the receiving device 120, for example by allowing the user of the receiving 
device 120 to access a subscription-based television service. The receiving device 120 can 
take many forms such as a set-top box, a television, a radio, a personal computer and so on. 

The distributing server 101 can provide the service in many ways. In some 
cases the service provider broadcasts the encrypted service to all receiving devices which are 
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connected via the network and only receiving devices having the appropriate descrambling 
means can descramble and access the service. In other cases, the distributing server 101 only 
provides instances of the service, such as a specific movie or television program to a specific 
subscriber who has asked for it. 
5 The exact way in which a content item is rendered or played back by the 

receiving device 120 depends on the type of device and the type of content. For instance, in a 
radio receiver, rendering comprises generating audio signals and feeding them to 
loudspeakers. For a television receiver, rendering comprises generating audio and video 
signals and feeding those to a display screen and loudspeakers. For other types of content, 

1 0 such as interactive applications, a similar appropriate action must be taken. Rendering may 
also include operations such as decrypting or descrambling a received signal, synchronizing 
audio and video signals and so on. 

Typically the user of a receiving device 120 should only be able to access the 
content if he is allowed to access it, e.g. by paying for it . Other models than payment can 

1 5 also be used to obtain access to the content item. For example, a user may receive credits for 
watch certain advertisements, and exchange those credits for access rights. 

In order to restrict access, the distributing server 101 encrypts the content 
items that he distributes to the receiving device 120. Hie user of the receiving device 120 
must then obtain the appropriate control words necessary to decrypt the service. There are 

20 nxany ways in which the distribution of control words to tiie users can be facilitated. The 
control word can be stored in the receiving device 120 or it may be distributed by the 
distributing servCT 101 to the receiving device 120 upon a payment firom the user. The control 
word can be distributed via the network 110 or be stored on a smart card which the user can 
insert in tiie receiving device 120. 

25 If the control word is stored in the receiving device 120 authorization must be 

sent by the distributing server 101 to the receiving device so that it will use the control word 
to access the service. If no authorization is received the receiving device must refuse to 
decrypt the service. Upon receipt of a valid authorization for accessing the service the device 
uses the control word to provide the user access to the service. If the control word is not 

30 available in the receiving device 120 itself, and not made available on a smartcard either, the 
distributing server 101 must send the control word to the receiving device 120. 

Fig. 2 schematically shows a second embodiment of the arrangement 100. 
While in theory the arrangement 100 as shown in Fig. 1 is adequate for securely distributmg 
content, in practice the situation is much more complex. Often the receiving device 120 is not 
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a standalone apparatus, but part of a home network of some kind. A typical digital home 
network includes a niimber of devices, e,g. a radio receiver, a tuner/decoder, a CD player, a 
pair of speakers, a television, a VCR, a tape deck, and so on. These devices are usually 
interconnected to allow one device, e.g. the television, to control another, e.g. the VCR. One 

5 device, such as e.g. the tuner/decoder or a set top box (STB), is usually the central device, 
providing central control over the others, although this does not always have to be the case. 

Content items 103 are loaded from a ston^e system 102, such as a file server, 
and transnutted to the distributing server 101. They could also be obtained from an external 
source, wnen auser requests aparucular content item me aismbuxing server lui obiams 

TO a copy irom the storage system 102 andfoimats and encodes it for transmission over iBe 

network 110, This step preferably involves encrypting the content item 104 so that only the 
receiving device 120 can decrypt it. 

Next, the content item 104 is transported over the network 1 10, In practice, 
this means it is received and passed on by several servers 1 1 1, 1 12 who may or may not 

15 modify the encoding and/or formatting of the content item 104. For example, server 111 may 
convert the content item 1 04 to analog signals that are then transmitted via a satellite link to 
server 1 12. Server 1 12 in turn converts the content item 104 back to digital infoimation and 
subsequently encapsulates the content item 104 into Intemet Protocol (IP) packets, which are 
then transmitted over the Intemet to receiving device 120. 

20 The receiving device 120, which in this embodiment is a set-top box or 

residential gateway, receives the IP packets and reconstracts the content item 104. It then 
decrypts Ihe content item 104 and passes it on to a playback device such as television 130 or 
handheld display 131. Alternatively, the receiving device 120 could store a copy of the 
content item 104 on a storage medium (not shown) such as a hard disk or DVD+RW. 

25 When transmitting the content item 104 to a playback device, care must be 

taken to ensure that no unauthorized copies can be made of it. To do this, a security 
framework, typically referred to as a Digital Rights Management (DRM) system is necessary. 

In one such framework, the home network is divided conceptually in a 
conditional access (CA) domain and a copy protection (CP) domain. Typically, the sink is 

30 located in the CP domain. This ensures that when content is provided to the sink, no 

unauthorized copies of the content can be made because of the copy protection scheme in 
place in the CP domain. Devices in the CP domain may comprise a storage mediimi to make 
temporary copies, but such copies may not be exported from the CP domain. This framework 
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is described in European patent application 01204668.6 (attorney docket PHNL010880) by 
the same stpplicant as the present application. 

The home network will often be much more complex than shown in Fig, 2. 
For instance, a variety of devices could be necessary to transport the content item 104 from 
5 the receiving device 120 and the handheld display 131. The home network may comprise a 
multitude of domains, each with their own restrictions and rules, making it necessary to 
convert tiie content item 104 whenever it enters or leaves a particular domain. In this process, 
some of the digital rights obtained by the user may get lost due to incompatibilities between 
the domains. For instance, a right to view the content item 104 three times caimot be handled 
10 by a basic copy protection domain. 

Additionally, the playback device 130, 13 1 to which the content item 104 is 
transported may not even be able to render the content item 104 at all. The handheld display 
131 might, for example, not have the necessary software installed to play back content 
formatted in accordance with the MPEG-4 standard. The only way for the user to find out is 
15 to obtain a copy of the content item 1 04, have it transferred to the handheld display 131 and 
see if it works. 

Obviously, this is not acceptable when the user has to spend money to acquire 
one or more rights necessary to decrypt or otherwise access the content item 104. To this 
end, in the present invention a sample content item 105 is provided in the same fashion as the 

20 content item 1 04 which the user desires. That is, it is protected by the same protection or . 
digital rights management system as the content item 104. 

Access to tihe sample content item 105 is unconditional, in the sense that the 
user does not have to spend money or otherwise obtain permission to obtain the sample 
content item 105. This way, he can simply test the correct working of the entire arrangement 

25 100 by obtaining the sample content item 105 and seeing whether it is played back correctiy 
on the playback device of his choice. If, for example, the sample content item 105 is 
formatted in accordance with a scheme not supported by the handheld display 131, the user 
will get an error message, and he then knows he should not attempt to acquire the content 
item 104. 

30 Preferably the sample content item 1 05 comprises a trailer for the content item 

104. It could also be a (short) part of the content item 104 itself, a short promotional message 
regarding the content item 104 or regarding the service provider who makes the content item 
104 available, and so on. 
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The content item 104 may be protected by an encryption scheme using a 
particular key. The sample content item 105 should then be protected by the same encryption 
scheme using the same particular key. In this fashion no new key needs to be transferred after 
a successful test. Such a key transfer could fail, leading to the unwanted result that the user is 
5 unable to play back the real content item after a successful test. 

The content item 104 is formatted using a particular formatting scheme, such 
as MPEG-2. Preferably, then, the sample content item 105 is formatted using the same 
formatting scheme. In the distribution chain between the file server 102 and the playback 

di^vice 130 ux 131, the lujutmit item 104 niay be i^fuimalleil hi accoiJauu? wIQi auutliui 

formattmg-sdi«mer^Hiisr4s-n©t^^ — 

option used in the original formatting scheme is not supported by the target formatting 
scheme. 

By formatting the sample content item 105 with the same original formatting 
scheme, the user can test not only whether the various security mechanisms involved are 

15 compatible and do not negatively affect the content item^^ but also whether the transcoding 
procedures between the various formatting schemes would affect the content item. 

When access to the content item 104 is conditional upon acquisition of one or 
more rights, it is desirable that the user does not attempt to acquire such rights until he has 
verified that he will be able to play back the content item 104. So, preferably the acquisition 

20 of said one or more rights is refiised until the sample content item 105 has been accessed by 
said client. This can easily be detected by the distributing server 101 if the identity of the 
user, or an identifier for the receiving device 120 (which typically requests the rights) can be 
obtained. 

Another way to prevent the acquisition of rights which the user will be unable 
25 to use is to embed an information element necessary for the acquisition of said one or more 
rights in the sample content item 105. This could be simply a code word that the user needs 
to supply to the distributing server 101 during the acquisition process. Supplying the code 
word then serves as proof that the user was able to successfully play back the sample. 

The best results are obtained when the content item 1 04 and the sample 
30 contrat item 105 are provided by the distributing server 101 linked to each other. This way, 
the user is less likely to oversee the fact that a sample is available using which he can fireely 
test the arrangement 100. This could be realized e.g. by storing tiie content item 104 and the 
sample content item 105 on the same carrier, if the distributing server 101 makes content 
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available in this fashion* They can also be made available &om the same webserver^ or by 
providing links to the respective content items 104, 105 from a single webpage. 

Using e.g. DVB-MHP or information in an Electronic Program Guide (EPG), 
the content item 104 and the sample content item 105 can also be logically linked. In 
5 particular, when using the TV-Anytime GRID resolution process a logical link can be 
established very easily. 

In this process, metadata for the content items 103 generally comprises 
information such as title, artist, genre and so on, and may also contain a unique content 
reference identifier (GRID), sometimes also called a content reference identifier. Using the 

1 0 GRID, each individual content item can be imiquely identified. Further, using the GRID 

further information can be retrieved from a database. For example, a user can select a content 
item which he vdshes to see fix>m the EPG, even though the time and place of broadcast are 
not yet known. Using the GRID, the system can then retrieve the time and place of broadcast 
of the content item when this information becomes available. 

15 The GRID is not restricted to broadcast transmissions of content. It could also 

refer to a location on the Internet, or to any other sovirce. The purpose of content resolution is 
to allow acquisition of a specific instance of a specific item of content. For example a user 
may want to record an episode of a television series, but he does not necessarily know when 
and where that episode will become available. He can then use his personal digital recorder 

20 (PDR) or similar device to enter a reference to the episode or series by means of the GRID. 
Note that a GRID may refer to an entire series or to an individual episode thereof. 

Having received a GRID for a content item, the PDR tries to obtain the 
location of the content item. This information is called a locator and it contains the date, time 
and channel on which the content item will be broadcast The user however does not need to 

25 be aware of this. Once the PDR has obtained tiie locator of the content item, the PDR waits 
for the specified date and time and then records the episode as it is broadcast on tiie specified 
chaimel. Of course, if the locator indicates a location on the Internet or the like, the PDR can 
simply retrieve the content firom the indicated location as soon as it becomes available. 

The TV- Anytime standardization body provides a standardized Gontent 

30 Reference ID. See TV-Anytime Forum, www.tv-anytime.org. Specification Series: S-4, on 
Gontent Referencmg (Normative), Document SP004V1 1, 14 April 2001. The GRID is used 
for location resolution, which can be defined as the process of translating a GRID into other 
GRID(s) or locators. For instance, a GRID for an entire TV series could be translated into a 
series of GRIDs for the individual episodes of that series. Location resolution may be done 
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in the receiving device 120 or remotely. A resolution provider does location resolution. 
Resolution providers use resolving authority records (RARs) to be identified and located. A 
RAR includes at least an <author ity> field, corresponding to a body that creates CRIDs. 

Using this process, a GRID for the content item 104 can be created which can 
5 be translated into a GRID for the sample content item 105 and a GRID for the actual content 
item 104. The user can then program the main GRID in the receiving device 120, or 
otherwise mdicate his desire to obtain the content item 104, and the receiving device 120 then 
arranges resolution of this main GRID. In this process, the GRID for the sample content item 

i05 li^ obtained and iiifuimaliun lu Ihis gflcul is presented to the user. 

to The content item 10 4 m a y4?eniownloaded^feettt-res^eaef^ 

then requires the acquisition of rights. Often metadata regarding tiie content item 1 04 is then 
unconditionally available. This metadata could contain information regarding the sample 
content item 105, so that the user becomes aware of its existence and may want to obtain the 
sample content item 105 before acquiring any rights. 
15 It should be noted that the above-mentioned embodiments illustrate rather than 

limit the invention, and that those skilled in the art will be able to design many alternative 
embodiments without departing firom tihie scope of the appended claims. 

In the claims, any reference signs placed between parentheses shall not be 
construed as limiting the claim. The word "comprising" does not exclude the presence of 
20 elements or steps other than those listed in a claim. The word "a" or "an" preceding an 

element does not exclude the presence of a plurality of such elements. The invention can be 
implemented by means of hardware comprising several distinct elements, and by means of a 
suitably programmed computer. 

In the device claim enumerating several means, several of these means can be 
25 embodied by one and the same item of hardware. The mere fact that certain measures are 
recited in mutually different dependent claims does not indicate that a combination of these 
measures caimot be used to advantage. 
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1 . A method of providing conditional access to a content item, which content 

item is protected by a particular security mechanism, comprising providing unconditional 
access to a sample content item protected by the same particular security mechanism* 

5 2. The method of claim 1, in which the protected content item is formatted using 

a particular formatting scheme, and the sample content item is formatted using the same 
formatting scheme. 

3. The method of claim 1 , in which the access to the content item is conditional 
1 0 iipon acquisition of one or more rights. 

4. The method of claim 3, in which the acquisition of said one or more rights by 
a client is refused until the sample content item has been accessed by said client. 

15 5. The method of claim 3, in which the sample content item comprises an 

information element necessary for the acquisition of said one or more rights. 

6. The method of claim 1 , in which the content item is protected by an encryption 

scheme using a particular key, and the sample content item is protected by the same 
20 encryption scheme tising the same particular key. 



7. The method of claim 1, in which the sample content item comprises an 

advertisement or trailer for the content item. 



25 



8. The method of claim 1, in which access to the content item and the sample 

content item is provided using a content resolution protocol wherein the content item and the 
sample content item have a common content resolution identifier. 
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9. A sample content item associated with a content item protected by a particular 

security mechanism, access to the content item being conditional upon acquisition of one or 
more rights, the sample content item being protected by the same particular security 
mechanism, and comprising an information element necessary for the acqvusition of said one 
or more rights. 
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A method of providing conditional access to a content itenGi, ^v^ch content 
item is protected by a particular security mechanism, comprising providing unconditional 
access to a sample content item (105) protected by the same particular security mechanism. 
The sample content item (105) could be e.g. a trailer for the content item (104). Preferably 
the protected content item (104) is formatted using a particular formatting scheme like 
MPEG-2, and the sample content item (105) is formatted using the same formatting scheme. 
If acquisition of rights by a client (120) is necessary for playback of the content item (104), 
this is pref^ably refused until the sample content item (105) has been accessed by said client 
(120). 
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